H04L2463/082

ENHANCED SECURITY AUTHENTICATION METHODS, SYSTEMS AND MEDIA

A transaction authorization apparatus includes a processor in communication with a communications interface. The processor is configured to receive a request for a transaction requested by a user with whom a plurality of user devices are associated, to obtain respective transaction measurements from at least some available devices from among the plurality of user devices, and to confirm approval of the request for the transaction in response to confirmation that the transaction measurements satisfy a multi-device authorization policy associated with the transaction.

METHOD FOR KEY ROTATION
20180007025 · 2018-01-04

A method for key rotation includes initiating key rotation for a user account of a multi-factor authentication platform enabling one-time password authentication using a first symmetric cryptographic key; generating, at an authenticating device, a second symmetric cryptographic key; transmitting, at the authenticating device, the second symmetric cryptographic key to the multi-factor authentication platform; configuring the multi-factor authentication platform and the authenticating device to disable authentication that uses the first symmetric cryptographic key; and configuring the multi-factor authentication platform and the authenticating device to enable authentication that uses the second symmetric cryptographic key.

Multi-Factor Authentication to Access Services
20180007060 · 2018-01-04

A technology is provided for using a multi-factor authentication process to access services in a computing service environment. One or more policies can be defined for allowing access to one or more services and/or resources associated with a service provider environment according to an authenticated identity. A device, detected by a voice-capturing endpoint within a defined geographical location, may be authenticated according to a unique identification (ID). Voice data received from the voice-capturing endpoint can be authenticated. The authenticated identity can be established according to the authenticated device and the authenticated voice data. A command, received via a voice command from the voice-capturing endpoint, may be issued with the authenticated identity to access the one or more services and/or resources associated with the service provider environment according to the plurality of policies.

CONTINUOUS DEVICE/UICC BASED AUTHENTICATION FOR LTE SYSTEMS

An authentication assurance level associated with an entity, for instance a user equipment, may be computed periodically or in response to an event. The authentication assurance level is compared to an authentication threshold. Based on the comparison, it is determined whether a fresh performance of at least one authentication factor needs to be performed. Thus, appropriate authentication factors and functions may be invoked on a periodic basis to maintain a certain authentication assurance level, which is referred to herein as the assurance threshold. The authentication assurance level may change, for instance decay, over time and may be refreshed periodically.

METHOD AND APPARATUS FOR VERIFYING USER USING MULTIPLE BIOMETRIC VERIFIERS

A user verification apparatus may perform user verification using multiple biometric verifiers. The user verification apparatus may set a termination stage of one or more biometric verifiers. Multiple biometric verifiers may be used to generate outputs, for which separate termination stages are set to establish a particular combination of set termination stages associated with the multiple biometric verifiers, and the user verification apparatus may fuse outputs of the biometric verifiers based on the particular combination of set termination stages. The user verification apparatus may verify a user based on a result of the fusing, and an unlocking command signal may be generated based on the verifying. The unlocking command signal may be generated to selectively grant access, to the verified user, to one or more elements of a device. The device may be a vehicle.

Authentication based on a physical key

A device may obtain registration data associated with a registration of an individual. The registration data may include an image that depicts a physical key and a reference object. The device may process the image to identify a first feature of the physical key and a first measurement of the first feature based on the size of the reference object. The device may store first feature data based on the first feature and the first measurement. The device may obtain second feature data based on a second feature of the physical key and a second measurement of the second feature identified from an insertion of the physical key into a keyhole of an authentication mechanism. The device may determine whether the first feature data corresponds to the second feature data. The device may authenticate the individual based on determining that the first feature data corresponds to the second feature data.

System for securing a cyber-physical method
11711341 · 2023-07-25

The invention relates to an industrial system comprising machines, systems for controlling machines connected by a first communication network, and a gateway intended to connect the first communication network to a second communication network. The gateway comprises a memory and comprises a processor configured to copy to the memory first data transmitted over the second communication network and relating to the operation of the machines.

SYSTEMS AND METHODS FOR SECURE REMOTE IDENTITY VERIFICATION

Systems and methods are provided for authenticating an identity of a user requesting a resource or service from an entity. In some embodiments, a system may include at least one processor; and a non-transitory medium containing instructions that cause the system to perform operations. The operations may include receiving credential information associated with the remote user, and receiving, from the server associated with the entity, first hash information. The operations may also include generating second hash information based on information associated with the user, comparing the first hash information with the second hash information, and transmitting an indication based on the comparison to the server associated with the entity.

System, Method, and Apparatus for Personal Identification
20180012005 · 2018-01-11

A method and system determine a probability that a mobile device is in use by a first user. Sensors of a mobile device are used to detect and quantify human activity and habitual or behavior traits. A collection of such habitual human trait values identifying a first user of the device are memorized during a training and learning period. During subsequent periodic predictive periods, a new collection of like habitual trait values of the current user of the device, when captured and compared with memorized values of the first user of the device relative to time, uniquely identify the person in possession of the mobile device as being or not being the first user of the device. By associating this knowledge with a unique device known to be assigned to the first user of the device, it becomes possible to confirm identity without risk of impersonation.

AUTHORIZATION OF A USER TERMINAL WHEN USING A SERVICE ON THE INTERNET

A user terminal includes a computer unit for executing algorithms and for controlling the user terminal and a first communication interface for establishing a data connection with a server in a communication network. A method for authorizing the user terminal in connection with using a service operated on the server in the communication network includes: generating an audio signal characteristic of the user terminal in relation to an impending use of the service; acquiring, by the user terminal, the characteristic audio signal; transmitting the characteristic audio signal to the server via the data connection; authenticating, by the server, via one or more signature keys stored in a database, the transmitted characteristic audio signal; and based on successful authentication, authorizing, by the server, the user terminal for the service.